# Chapter 21: Network Architecture

## 21.1 Common Network Types

### Network Types
**LAN (Local Area Network):**

- Single location (building or campus)
- High speed (1 Gbps, 10 Gbps)
- Low latency
- Examples: office network, home network

**WAN (Wide Area Network):**

- Geographic spread (cities, countries)
- Lower speed (usually)
- Higher latency
- Examples: MPLS, leased lines, satellite

**MAN (Metropolitan Area Network):**

- City-wide
- Connects multiple LANs
- Medium speed

**PAN (Personal Area Network):**

- Very small area (body, room)
- Bluetooth, USB

**VPN (Virtual Private Network):**

- Extends a private network over a public one
- Encrypted tunnel
## 21.2 Network Topologies

### Physical Topologies

#### 1. Bus Topology
```text
+----+----+----+----+----+   (single cable, terminator at each end)
     |    |    |    |
    PC1  PC2  PC3  PC4
```

- Single cable, terminators at the ends
- Cheap, but the cable is a single point of failure
- Not used today
#### 2. Star Topology

```text
      [PC]
        |
      [SW]--+--[PC]
        |
      [PC]
```

- Central switch
- Most common today
- Easy to troubleshoot
#### 3. Ring Topology

```text
[PC1]---[PC2]
  |       |
[PC4]---[PC3]
```

- Token passing (Token Ring, FDDI)
- Can be dual-ring for redundancy
#### 4. Mesh Topology

```text
[PC1]---[PC2]
  | \   / |
  |  \ /  |
  |  / \  |
  | /   \ |
[PC4]---[PC3]
```

- Full mesh: every device connected to every other device
- Partial mesh: some redundancy
- Expensive but reliable
#### 5. Tree Topology

```text
            [Core Switch]
                  |
        +---------+---------+
        |                   |
  [Dist Switch]       [Dist Switch]
     |      |            |      |
 [Access] [Access]  [Access] [Access]
```

- Hierarchical
- Used in large networks
## 21.3 Three-Tier Architecture

### Three-Tier Model

```text
        +----------------+
        |    Internet    |
        +--------+-------+
                 |
        +--------v-------+
        |  Edge Router   |  (Border)
        |  Firewall/VPN  |
        +--------+-------+
                 |
        +--------v-------+
        |  Distribution  |  (L3 routing, ACLs)
        |     Switch     |
        +--------+-------+
               /   \
       +---v---+   +---v---+
       | Access|   | Access|
       |  SW1  |   |  SW2  |
       +---+---+   +---+---+
           |           |
       [Servers]    [Users]
       [Users]      [Users]
```
**Layers:**

1. Access Layer
   - Connects end users
   - Layer 2 switching
   - Port security
   - PoE (for IP phones, access points)

2. Distribution Layer
   - Aggregates access switches
   - Layer 3 routing (inter-VLAN)
   - Policy enforcement (ACLs, QoS)
   - Redundancy

3. Core Layer
   - High-speed backbone
   - Fast forwarding
   - No filtering (keep it simple)
   - Redundancy critical
## 21.4 DMZ Architecture

### DMZ Network

```text
          Internet
             |
        +----v----+
        | Edge FW |
        +----+----+
             |
             +--> DMZ (Public Servers)
             |      +-- Web Server
             |      +-- Mail Server
             |      +-- DNS Server
             |
             +--> Internal Network
                    +-- Database Servers
                    +-- App Servers
                    +-- User Workstations
```
**DMZ Services:**

- Web servers (HTTP, HTTPS)
- Email (SMTP, IMAP, POP3)
- DNS (authoritative)
- VPN termination

**Firewall Zones:**

- Internet -> DMZ: allow 80, 443, 25, 53
- DMZ -> Internal: allow minimal
- Internal -> Internet: allow all, with NAT
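The zone policy above, written out as a small first-match rule model with an implicit default deny. This is an added example, not part of the chapter; the zone names, the port-only matching (no protocol distinction) and the single "minimal" DMZ -> Internal allowance (web tier to a database on 5432) are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: frozenset[int] | str  # set of destination ports, or ANY
    action: str                  # "allow" or "deny"


# The three zone policies from the chapter. Zone names are assumed;
# "allow minimal" for DMZ -> Internal is modelled as one assumed allowance.
POLICY = [
    Rule("internet", "dmz", frozenset({80, 443, 25, 53}), "allow"),
    Rule("dmz", "internal", frozenset({5432}), "allow"),
    Rule("internet", "internal", ANY, "deny"),  # explicit: no Internet -> Internal
    Rule("internal", "internet", ANY, "allow"),
]

# Constructed misconfiguration: an "allow any" into the DMZ.
BAD_POLICY = POLICY + [Rule("internet", "dmz", ANY, "allow")]


def evaluate(policy: list[Rule], src_zone: str, dst_zone: str, port: int) -> str:
    """Return the action of the first matching rule; deny if nothing matches."""
    for r in policy:
        if r.src_zone != src_zone or r.dst_zone != dst_zone:
            continue
        if r.ports == ANY or port in r.ports:
            return r.action
    return "deny"  # default deny: anything not explicitly allowed is blocked


def overly_broad(policy: list[Rule]) -> list[Rule]:
    """Audit check: any-port allows whose destination is not the Internet.
    Such a rule collapses the zone model, so it should never pass review."""
    return [r for r in policy
            if r.action == "allow" and r.ports == ANY and r.dst_zone != "internet"]


if __name__ == "__main__":
    print(evaluate(POLICY, "internet", "dmz", 443))      # allow
    print(evaluate(POLICY, "internet", "dmz", 22))       # deny
    print(evaluate(POLICY, "dmz", "internal", 5432))     # allow
    print(evaluate(POLICY, "dmz", "internal", 445))      # deny
    print(evaluate(POLICY, "internet", "internal", 443)) # deny
    print(len(overly_broad(BAD_POLICY)))                 # 1
```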
## 21.5 Data Center Network

### Data Center Architecture

**Tier Levels:**
**Tier 1:**

- Single, non-redundant path
- 99.671% uptime (28.8 hr downtime/year)
- Basic

**Tier 2:**

- Partial redundancy
- 99.749% uptime (22 hr downtime/year)

**Tier 3:**

- Multiple active paths
- 99.982% uptime (1.6 hr downtime/year)
- Concurrently maintainable

**Tier 4:**

- Fully redundant
- 99.995% uptime (26 min downtime/year)
- Fault tolerant
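The downtime figures in the tier list follow from the uptime percentages, and the jump from Tier 1 to Tier 3 illustrates why independent active paths matter. This added example (not from the chapter) reproduces the conversion with the chapter's own numbers and adds the standard parallel/serial availability formulas; treating paths as independent is a simplifying assumption.

```python
HOURS_PER_YEAR = 8760  # 365 days, as the tier figures assume

# Uptime percentages as listed in the chapter
TIERS = {"Tier 1": 99.671, "Tier 2": 99.749, "Tier 3": 99.982, "Tier 4": 99.995}


def downtime_hours(availability_pct: float) -> float:
    """Yearly downtime in hours for a given availability percentage."""
    return (1 - availability_pct / 100) * HOURS_PER_YEAR


def parallel_availability(path_availability: float, paths: int) -> float:
    """Availability of N independent active paths: the system is down only
    when every path is down at the same time."""
    return 1 - (1 - path_availability) ** paths


def serial_availability(*components: float) -> float:
    """Availability of a single chain of components: all must be up,
    so the result is the product and is never better than its weakest link."""
    a = 1.0
    for c in components:
        a *= c
    return a


if __name__ == "__main__":
    for name, pct in TIERS.items():
        hours = downtime_hours(pct)
        print(f"{name}: {pct}% -> {hours:.1f} h ({hours * 60:.0f} min) per year")
    single = TIERS["Tier 1"] / 100
    # Two independent Tier-1-grade paths already exceed the Tier 4 figure
    print(f"two parallel paths: {parallel_availability(single, 2):.5%}")
    # A redundant path does not help if it shares a single upstream device
    print(f"shared upstream: {serial_availability(0.99995, single):.5%}")
```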
**Data Center Network Design:**

```text
+---------------------+
|   Load Balancers    |
+---------------------+
           |
+---------------------+
|    Core Switches    |  (Spine)
+---------------------+
           |
+---------------------+
|  Distribution/Agg   |  (Leaf)
+---------------------+
           |
+---------------------+
|    ToR Switches     |  (Top of Rack)
+---------------------+
           |
+---------------------+
|     Server Rack     |
+---------------------+
```
## 21.6 Network Segmentation

### Segmentation Strategies

**By Function:**

- VLAN 10: Management
- VLAN 20: Servers
- VLAN 30: User workstations
- VLAN 40: Guest network
- VLAN 50: IoT devices
- VLAN 60: VoIP

**By Department:**

- VLAN 101: Engineering
- VLAN 102: Sales
- VLAN 103: HR
- VLAN 104: Finance
**Security Zones:**

```text
Untrusted (Internet)
         |
DMZ (Semi-trusted)
         |
Internal Network (Trusted)
         |
Sensitive (Highly Trusted)
         |
Management (Isolated)
```
**Microsegmentation:**

- Very fine-grained segmentation
- Per-workload policies
- Software-defined
- Zero Trust approach
## 21.7 Network Documentation

### What to Document

**Physical:**

- Cabling layout
- Rack diagrams
- Device locations
- Port assignments

**Logical:**

- IP addressing scheme
- VLAN assignments
- Subnet masks
- Routing topology

**Services:**

- DNS servers
- DHCP scopes
- Network services
- Port usage

**Security:**

- Firewall rules
- Access control lists
- VPN configurations

**Documentation Tools:**

- Draw.io / Visio: diagrams
- NetBox: IPAM/DCIM
- LibreNMS: network monitoring
- Git: version control
## Summary

In this chapter, you learned:
- ✅ Network types (LAN, WAN, MAN, PAN)
- ✅ Network topologies (Star, Ring, Mesh, Tree)
- ✅ Three-tier architecture
- ✅ DMZ design
- ✅ Data center tiers
- ✅ Network segmentation
- ✅ Network documentation
## Next Chapter

Chapter 22: Cloud Networking Basics
Last Updated: February 2026